The issue for me was that the mail attribute( <property name="userEmailAttribute" value="mail" /> of custom-ui-context ) was not configured in ldap and hence the login was failing. Either removing the mail tag or adding the mail attribute to ldap got it working.Also the group names I mentioned in activiti-ui-context.xml were incorrect.